BİLGİ DÜNYASI, 2012, 13 (1)

Information Security Issues in a Digital Library Environment: A Literature Review

Turkish title: Dijital Kütüphane Ortamında Bilgi Güvenliği Sorunları: Literatür Değerlendirmesi

Audrey ANDAY*, Enrico FRANCESE*, Hugo C. HUURDEMAN*, Muharrem YILMAZ*, Dydimus ZENGENENE*

Abstract

This paper aimed to explore the literature on security issues that digital libraries should consider in managing digital resources. Books on information security and network security were consulted, and several databases such as ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight and ACM were searched to understand what particular aspects of information security and privacy in digital libraries exist from Security in digital libraries is an issue of the utmost importance, and should be considered carefully in creating the policies and strategic plans of institutions wanting to set up a digital library. This paper focused on the four main streams that concern security in the digital environment, namely: infrastructure, digital content, users, and standards and legal issues. This literature review also built upon previous literature reviews, and is one of the few of its kind on the topic.

Keywords: Information security, Digital libraries, Data protection

Abstract (Öz)

This study aims to present the literature on the security issues that digital libraries should take into account in managing resources. Books and articles on information security, network security and personal privacy, covering the year range, were searched in various databases such as ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight and ACM.
According to the results obtained from the literature reviewed, information security is an extremely important issue for digital libraries, and a library in the process of digitization should carefully consider its security policies and strategic plans. This research focuses on four main items concerning security in the digital environment: infrastructure, digital content, users, and standards and legal issues. This study also covers earlier literature reviews.

Keywords: Information security, Digital libraries, Data protection

* Master Students; International Master in Digital Library Learning (aganday@gmail.com), (efrancese@gmail.com), (hugohuurdeman@gmail.com), (yilmaz.muharrem@gmail.com), (dydimus.zengenene@gmail.com)
Introduction

Society has been increasingly dependent on information technology (IT) for several years now. In this Information Age, millions of users (or participants) access and exchange billions of objects of information content in complex work flow processes (e.g., commerce, learning, health care). The research community uses computer systems to perform research and to disseminate findings. Information sharing has been made easier and less expensive by Internet technologies and global networking infrastructures, but the availability of such information systems comes at the expense of higher risks. In the long run, information is not preserved, websites tend to disappear frequently, digital media easily become obsolete, and the privacy of information can be abused. Moreover, the integrity of the systems could be compromised. Access control is often described as rules regulating how participants are allowed to access objects, and could also be viewed as information flow control because every access results in a flow of information between entities (either or both participant and object) (Chen, Choo and Chow, 2006). The integrity and availability of all these systems have to be protected against a number of threats. Hackers, rival corporations, terrorists and even foreign governments have the motive and capability to carry out sophisticated attacks against computer systems (Patel, Qassim and Wills, 2010). Thus, security mechanisms appropriate for Internet-based, real-world applications should be a prerequisite. Unless an attack is successful or a system is compromised, security in general, and intrusion detection (ID) in particular, is rarely noticed by management. Only when security fails and the notification comes too late do managers consider the security issue to be as visible as their organizational needs.
Such a crisis would finally bring home the importance of security in any given system (Goodall, Lutters and Kondoli, 2009). Dorsish et al. (2004, p.391) mentioned in their paper that "effective security solutions depend [...] also on people's ability to understand them and use them as part of their work." Moreover, Birnbaum (2004) shared in his talk that in today's information-rich world, digital libraries would play an essential role and will assume central positions of even more significance in pervasive systems. They will not only serve as repositories of knowledge and information, and as the primary mechanism for its retrieval and distribution, but they will also be the focal point for the integration of information and scholarship across all boundaries of application, language, and media. Since they will also inevitably become the target of malicious attack by people seeking unauthorized information, and by terrorists seeking to disrupt the global information infrastructure and the physical infrastructures built upon it, it is both timely and essential to study the cyber security characteristics future digital libraries will have to support.
Furthermore, Tyrväinen in 2005, as cited in Fox and ElSherbiny (2011), considered security an important issue in digital library design. Security weaknesses in digital libraries, coupled with attacks or other types of failures, can lead to confidential information being inappropriately accessed, or to loss of integrity of the data stored. These in turn can have a damaging effect on the trust of publishers or other content providers, can cause embarrassment or even economic loss to digital library owners, and can even lead to pain and suffering or other serious problems if urgently needed information is unavailable (Fox and ElSherbiny, 2011, p.8). This paper reviews the literature about security issues in the digital environment, specifically what digital libraries should be aware of in the first place.

Methodology

The search strategy that was employed for this literature review involved searching printed and online materials.
Books on information security and network security were consulted, and several databases such as ERIC, Ebrary, LISA, Science Direct, EbscoHost, ISI, Google Scholar, ProQuest, Emerald Insight and ACM were searched to understand what particular aspects of information security and privacy in digital libraries exist from Several keywords used to search catalogues and databases include "digital libraries AND security", "security in digital libraries", "information security in digital libraries", "threats information security", "wireless security", "database security", "system security ontology library", "security AND libraries", "security in libraries", "privacy in libraries", "information security", "digital content security", "information security AND legal aspects", "information security standards", "information security AND digital library", "data protection law". A very broad spectrum of articles dealing with the whole concept of security came out, so we decided to limit the articles to those that pertain to the four main streams that concern security in the digital environment:

1) Infrastructure - This section focused on the importance of security applied in any system infrastructure, which covers securing hardware and software, ensuring network security, and looking into Web vulnerabilities that can disrupt the smooth flow of communication and transfer of information in a wired or wireless environment.

2) Digital content - This section discussed how important it is to also ensure that digital content is secured in a digital environment, and describes some of the steps that can be undertaken in order to recover important data and attain the real purpose of preservation.

3) User information security - This section illustrated some issues pertaining to the security of systems and to maintaining the confidentiality of users within a digital library environment, i.e. that their private information is kept in a trustworthy manner and is not used without their knowledge.
4) Standards and legal issues - This section provided an overview of the development of the different existing standards for ensuring the security of any system, which can serve as a basis for the formulation of policies and as a guide in setting up a system in a digital environment.

1 - Infrastructure

According to Lampson (2004), people have been working on computer system security for over thirty years and they have registered notable intellectual success. However, the security risk of millions of deployed computer systems is so high that a determined and competent attacker could destroy most of the information on almost any of these systems, steal it from any system that is connected to a network, or even attack millions of systems at once. Library computers are not safe: they are physically vulnerable to theft, damage and destruction but, most of all, they are vulnerable to attacks by a host of malware agents which include Trojans, viruses, worms, adware, spyware, pornware, keystroke loggers, password stealers and others (Zimerman, 2009). Hackers, viruses, worms and Trojan horses are external intrusions which libraries should be able to handle (Al-Suqri and Afzal, 2007). Computers are not safe merely because they have the most popular antivirus software; rather, it is more dangerous to believe that one is safe because one has antivirus software installed. There are criminals who specialize in targeted attacks, making it more difficult to handle the risk with traditional antivirus systems (Zimerman, 2009). Given the value of the information that they hold, digital libraries have to be worried about this problem. Danger is a multifaceted threat which faces every computing environment. There are protection systems that have to be applied, but some are too expensive for a library, and they only help to minimize the risk and are never perfect (Zimerman, 2009).
In a library environment it is even harder, since it is difficult to control the behavior of many users. Lampson (2004) summarizes it all with his phrase "security is pain", arguing that the threat to IT security does not seem very high until one is attacked, whereas the implementation of security is expensive and takes time from hours of production even though it does not directly contribute to production. The pain is even higher in libraries, where the output is a service which is usually offered free of charge.

1.1 Securing the Hardware

Hardware security is the security of such equipment as computers, printers, monitors etc., which libraries find indispensable in their day-to-day functions, especially in this digital era. There is a need to keep such hardware in secure rooms under physical lock and key, and an inventory system should be implemented for easy tracking. Such control deters theft of property and unauthorized access to servers, thereby preventing tampering with server settings, corruption of data, or access to programs and confidential information (National Forum on Education Statistic, 2003). In order to maintain hardware security, it is important to implement strong physical security measures.
Network security

In a digital library...resources are accessed via the Internet and networks are playing a vital role in connecting these information sources (Singh, 2003). In the digital age, the availability of secure, efficient and cost-effective networks of access would be the core competency of libraries. It would be vital for libraries to secure networks so that the integrity of data can be maintained (Al-Suqri and Afzal, 2007). Network equipment includes hubs, routers, switches and cabling. For the hardware that supports the network it is necessary to implement security measures that correspond to those for all other sensitive hardware equipment (National Forum on Education Statistic, 2003). Computer networks now exist as wired and/or wireless networks, and security measures in these environments are different. Libraries tend to use wired networks for machines which are fixed in their premises. Wireless networks are used for connecting users who might have their own mobile gadgets to connect to the network. To ensure the security of physical networks, it is important not to allow users to install unauthorized network equipment, to use secure passwords for root access, and to ensure proper cabling and cable protection (National Forum on Education Statistic, 2003). A wireless network is a network that uses high-frequency radio waves rather than wire to communicate between two nodes. The wireless network infrastructure has brought about better flexibility in terms of geographical limitation as well as the hardware and software accommodated. Mobile phones and other gadgets other than personal computers are joining the network realms which were previously the domain of personal computers connected through wires (Khalil, 2004). Wireless networks will be the standard mode for information access for both on-campus and classroom connectivity.
This technology is already helping students to interact with digital library systems on the net (Khalil, 2004). Wireless networks have, however, also brought with them a great degree of risk as far as network security is concerned. Unlike in a wired network, security in a wireless network is more of a concern because network transmissions are available to anyone within range of the transmitter with the appropriate antenna; physical access controls like doors and locks do not help. Sniffing (intercepting) is much easier because the radio transmissions are designed to be processed by any receiver within range, and also because they have funny boundaries beyond the intended one (Gast, 2002). For that reason, wireless networks are a double-edged sword which possesses both high potential and high risks (Porter, 2002, p.16). Wired networks are also insecure, since it is possible for an attacker to tap the electromagnetic energy that is radiated by wired networks; however, this requires sophisticated equipment and relative proximity to the cables, unlike the wireless signal, which can easily overlap across the intended boundaries (Porter, 2002, p.21). Due to the increase in the use of mobile gadgets, digital libraries are increasingly being accessed via wireless networks. That implies the need to consider investment in wireless network security if the integrity of information resources is to be maintained.
1.2 Operating system security

The operating system is the underlying system on which application programmes run. Therefore, the choice of an operating system plays a critical role in ensuring system security. Operating systems ensure access to centralized resources, including applications; access privileges can be granted or restricted, thereby regulating the use of network resources. Some operating systems are easier to run, yet they are less secure than those that might be difficult to run. In any case the system must be hardened or secured by removing unnecessary functions, restricting access, and tracking changes and processes. There are several open source operating systems available for free, and proprietary operating systems for which libraries have to pay; however, the cost of purchasing a system is not a guarantee of security. It is, however, possible to run a mixed computing environment where systems run on different operating systems, but there is a need for experience and a high degree of expertise in administering such environments, even though they guarantee better security (National Forum on Education Statistic, 2003). Libraries are therefore advised to consider establishing mixed computing environments even if the costs of maintenance are high.

Database security

Databases are very critical parts of the library information system, as the key hosts of metadata and other administrative information. Databases employ security systems like those of operating systems, but users are assigned to certain types of groups called roles. For example, the head librarian and the library clerk have different roles in the system, and that controls what each user can view or edit in the database. Database security can be maintained discretely or can be integrated with that of the operating system. That implies that users will require only one logon into the system.
Database security mechanisms are effective if they are used in conjunction with proper security mechanisms implemented at the front-end application, such as dynamic web pages (National Forum on Education Statistic, 2003). Databases have the capability to offer access to resources as defined by roles and profiles, and access should be based on the respective functions. A database should also have tracking features that can track when the database was accessed, by whom, and what changes took place. For instance, it must be possible to trace who added an article to the collection and when. Data transmission should be secured using protocols such as Secure Sockets Layer (SSL) or Secure Shell (SSH). SSL is a public key cryptography based confidentiality mechanism which is historically associated with web pages accessed via the secure hypertext transfer protocol (https), even though it can be used to encapsulate any protocol. Porter (2002) judges that SSL is best for protecting transaction-based protocols such as web traffic and mail transactions. SSH is a secure replacement for commands such as rlogin, rcmd, and rshel. SSH also uses public key cryptography like SSL but does not rely on a trusted authority to issue the public/private key pairs (Porter, 2002).
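The role and tracking requirements described in the Database security section above can be sketched as follows. This is an added example, not code from the paper or from any library system it cites; the role names, permissions, table layout and sample users are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical role model: role names and permissions are assumptions,
# modelled on the head librarian / library clerk example in the text.
ROLE_PERMISSIONS = {
    "head_librarian": {"view", "add", "edit"},
    "library_clerk": {"view", "add"},
}

SCHEMA = """
CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT NOT NULL);
CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT NOT NULL);
CREATE TABLE audit_log (id INTEGER PRIMARY KEY, at TEXT NOT NULL,
    username TEXT NOT NULL, action TEXT NOT NULL,
    article_id INTEGER, allowed INTEGER NOT NULL);
"""


class AccessDenied(Exception):
    """Raised when a user's role does not permit the requested action."""


class Catalogue:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript(SCHEMA)

    def add_user(self, username, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        with self.db:
            self.db.execute("INSERT INTO users VALUES (?, ?)", (username, role))

    def _log(self, username, action, article_id, allowed):
        # Who did what, to which record, when, and whether it was permitted.
        self.db.execute(
            "INSERT INTO audit_log (at, username, action, article_id, allowed)"
            " VALUES (?, ?, ?, ?, ?)",
            (datetime.now(timezone.utc).isoformat(), username, action,
             article_id, int(allowed)))

    def _require(self, username, action, article_id=None):
        row = self.db.execute("SELECT role FROM users WHERE username = ?",
                              (username,)).fetchone()
        if row is not None and action in ROLE_PERMISSIONS[row[0]]:
            return
        with self.db:  # refused attempts are recorded and committed too
            self._log(username, action, article_id, allowed=False)
        raise AccessDenied(f"{username} may not {action}")

    def add_article(self, username, title):
        self._require(username, "add")
        with self.db:  # the change and its audit record commit together
            cur = self.db.execute("INSERT INTO articles (title) VALUES (?)",
                                  (title,))
            self._log(username, "add", cur.lastrowid, allowed=True)
        return cur.lastrowid

    def edit_title(self, username, article_id, new_title):
        self._require(username, "edit", article_id)
        with self.db:
            self.db.execute("UPDATE articles SET title = ? WHERE id = ?",
                            (new_title, article_id))
            self._log(username, "edit", article_id, allowed=True)

    def search(self, username, term):
        self._require(username, "view")
        with self.db:
            self._log(username, "view", None, allowed=True)
        # Bound parameter: the search term is data, never part of the SQL text.
        return self.db.execute(
            "SELECT id, title FROM articles WHERE title LIKE ? ORDER BY id",
            (f"%{term}%",)).fetchall()

    def who_added(self, article_id):
        """Answer 'who added this article to the collection, and when'."""
        return self.db.execute(
            "SELECT username, at FROM audit_log"
            " WHERE action = 'add' AND allowed = 1 AND article_id = ?",
            (article_id,)).fetchone()

    def denied_attempts(self):
        return self.db.execute(
            "SELECT username, action, article_id FROM audit_log"
            " WHERE allowed = 0 ORDER BY id").fetchall()


def demo():
    """Constructed sample data: one head librarian, one clerk, one article."""
    cat = Catalogue()
    cat.add_user("hlib", "head_librarian")
    cat.add_user("clerk1", "library_clerk")
    art = cat.add_article("clerk1", "Digital Preservation Basics")
    try:
        cat.edit_title("clerk1", art, "Changed by clerk")  # role lacks 'edit'
    except AccessDenied:
        pass
    cat.edit_title("hlib", art, "Digital Preservation Basics, 2nd ed.")
    return cat, art
```

The permission check lives in the application layer, which is the "front-end" half of the pairing the text describes; in a production database the same roles would also be enforced by the database's own grants.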
Web application level vulnerabilities

Despite the laws in European countries that mandate secure sites, many library websites have serious security flaws which render them vulnerable to attacks (Kuzma, 2010). According to research conducted in European countries, almost 80 percent of web-related flaws were caused by web application vulnerabilities, the three most common types being cross-site scripting, Denial of Service and SQL injection. The major causes identified for these problems are failure to update software versions, developers installing the default software and forgetting the need to update, lack of consideration of security flaws, failure to upgrade software correctly, and lack of effective coding practice during design and development (Kuzma, 2010).

Cross-site Scripting

Cross-site scripting is a security vulnerability that allows the injection of programming code by malicious third parties into web pages hosted on a server. This creates risk by allowing phishers or fraudsters to launch an attack without directly targeting or gaining access to a legitimate website. Unknowing and unsuspecting web visitors may then see forms, input and send data, or be exposed to malicious downloads or other content while viewing your website (Cyveillance, 2008).

Denial of Service

Denial of Service (DoS) is a type of attack that prevents access to network resources; it can be devastating and difficult to protect against. DoS involves flooding the network with traffic, choking the transmission lines and preventing other legitimate users from accessing services on the network. Denial of access can come as various types of attacks at different layers of the OSI model, but all lead to network flooding (Porter, 2002).
SQL Injection

SQL injection attacks are a type of injection attack in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL statements. It is a common threat in web applications that lack proper sanitization of user-supplied input used in SQL queries (Guimarães, 2009). Due to the increased need to offer computer-aided web-based services, libraries must be aware of all these possible infrastructural threats and protect their data and the entire system.

2 - Data Security

The core of any information system is the data contained in it, and libraries are no exception. By data we mean both the documents and the meta-information applied to them: OCLC (2006) reminds us that "For disaster prevention and recovery, all data (content and metadata) is considered of equal value." A secured system with corrupted data is useless; in the same way, data storage within a frail infrastructure is weak and exposed to danger. System security and data protection go hand in hand, part of the same side in what Fox (2006) calls the "two-front war". On one side we must protect our patrons, their privacy and confidentiality as well as their electronic devices. On the other there is the need to protect the digital content itself and the electronic infrastructure from abuse.

2.1 Background Fears

The risks of digital preservation which libraries and archival institutions have to consider have been foreseen since the end of the 1990s. Authors called for attention to these issues in dramatic tones, speaking of "digital dark ages" (Kuny, 1997) and a "time-bomb" for digital libraries (Hedstrom, 1998). The first author to claim risks for digital preservation was Rothenberg (1995, p.2), who indicated the risk of format obsolescence as the main threat to the digital cultural heritage: "although its reproducibility makes digital information theoretically invulnerable to the ravages of time, the physical media on which it is stored are far from eternal. [...] The contents of most digital media [...] become unusably obsolete much sooner, as they are superseded by new media or incompatible formats." Building on this article, Kuny raised several points which in part repeat the concerns pointed out by Rothenberg (1995): Enormous amounts of digital information are already lost forever. Information technologies become obsolete very quickly. Document and media formats continue to proliferate. Technology standards will not solve fundamental issues in the preservation of digital information. Libraries will shortly see a demographic bulge of electronic material as the baby boom generation of authors and academics contribute material gathered during their careers.
Much material will never make it into library collections for preservation because of increasingly restrictive intellectual property and licensing regimes. Archiving and preservation functions in a digital environment will increasingly become privatized as information continues to be commodified. Kuny shared two main concerns with Rothenberg (1995): the actual risk of obsolescence and the distrust of standards. The lack of faith in standards is due to the fact that commercial software vendors are not willing to play along. "The challenge in preserving electronic information is not primarily a technological one, it is a sociological one" (Kuny, 1997, p.4).
Hedstrom (1998) looked at the standards issue from a different perspective. For her, the problem is that "Digital preservation is constrained by the absence of established standards, protocols." In 1998 she simply saw the situation as not mature enough. We will see in section 4 of this paper that since the time Hedstrom and Kuny were writing, many new developments have happened in the field of standards. In this section we focus on the problems of data safety and preservation.

2.2 Obsolescence

A definition of obsolescence is given by Pearson (2008). Reminding us that "A file format is a particular way to encode information for storage and use," he defines obsolescence as: "the development of new format encodings that take the place of already existing formats in the marketplace of use; and the changes in the availability of presentation tools, generally (although not exclusively) in the direction of decreasing availability, for any particular file format" (Pearson, 2008, p.91). According to Rosenthal (2010a), obsolescence has proved to be a minor risk: "format obsolescence is a rare problem that happens infrequently to a minority of unpopular formats." Nevertheless, he proposes two solutions: a standard solution and an alternative one. The standard solution consists of migration: it is based upon public registries of format specifications and the creation of software which converts files in obsolete formats to usable files. A format registry is a repository for format representation information or, in other words, descriptive, administrative, and technical metadata about digital formats, including the definition of the syntactic and semantic characteristics of the registered formats. This metadata defines the significant properties of digital formats with regard to the long-term preservation of digital objects (Abrams, 2005, p.131).
The alternate model is based upon emulation: the obsolete file is rendered in a replica of its original environment. Open-source technology is very important in order to create working emulators (Rosenthal, 2010b). Abrams (2005, p.129) notes that emulation differs from migration in that the file is not manipulated, but its integrity is kept in its original condition.

2.3 Data security backup

The main safety measure for the integrity of data is the backup (Whitman, 2003). Hadow (2009) clearly indicates backup as the main way to protect content ("The most reliable backups store the copied data off the premises, preserving it from physical damage."). The OCLC Digital Archive Preservation Policy (OCLC, 2006, p.10) details a state-of-the-art backup strategy. The main points can be summarized as: backups are made on tape; data and metadata are treated together; operations are handled by specialized dedicated staff ("OCLC maintains staff solely dedicated to network and system security, including at least one Certified Information Systems Security Professional."); backups are kept in secure off-site storage facilities ("All computer rooms are protected from fire by a halon gas fire suppression system. All computer rooms are climate-controlled with raised-floor environments") whose access is strictly regulated ("Access privileges to the computer room are limited and are reviewed every three months. Each access is logged, recording information such as the staff person entering, the door entered, and the time"). The off-site facilities must meet the highest industry standards for safety and security. Rosenthal (2010b) shows how data storage has become easier and easier in recent years thanks to the development of technology and the lowering of the related costs: "Storage is cheap, so if there is a chance the data could possibly be useful, we keep it. We know that storage isn't completely reliable, so we keep backup copies as well." Despite this, backup is not 100% reliable or easy to achieve. In the same article Rosenthal shows the difficulties related to the planning and cost of backup systems: "Our inability to compute how many backup copies we need to achieve a reliability target is something we are just going to have to live with." He also reminds us that in the real world failures are inevitable, especially in the large-scale digital preservation projects required by today's institutions. In a different article of the same year Rosenthal (2010a) returns to the false claim that storage is free or low cost: again, at the scale of real digital preservation and with an appropriate number of copies this is certainly not true. Then it is often said that bit preservation is a solved problem, but at the scales and for the durations needed in digital preservation this is unfortunately not the case.
In the backup era, this solution has a drawback: "Ironically that ability to mirror and duplicate digital objects also becomes a liability when data is stolen that was not intended for public consumption" (Fox, 2006). This aspect of digital information is seen as a potential flaw even by Kuny (1997), who notices how "Digital collections facilitate access, but do not facilitate preservation", and by Hedstrom (1998), who claims that "The two terms mass storage and long-term preservation embody a contradiction in the current state of affairs of digital library development, representing a time bomb that threatens the long-term viability." Maniatis et al. (2005) also point out the peculiarity of the backup strategies required by digital preservation projects. They make three starting points: Digital preservation systems have some unusual features. First, such systems must be very cheap to build and maintain, which precludes high-performance hardware such as RAID (Patterson et al as cited by Maniatis, 2005) or complicated administration. Second, they need not operate quickly. Their purpose is to prevent rather than expedite change to data. Third, without central control and in the face of possible interference from attackers or catastrophic failures of storage media such as fire or theft, must function properly for decades.
Policies

Data backups, just like all the security measures discussed in section 1, must be part of what we call a disaster recovery plan. Fox puts it very plainly: "Having a disaster recovery plan is very important" (2006, p.255). All the literature agreed that backup practice is nothing if not supported by a clear preservation policy, which also involves security and information literacy and staff training and education (Kuzma, 2010, and Balas, 2005). Whitman (2003) and Parkin (2009) also stress the importance of policies for an efficient digital preservation plan. We examined two policies: the OCLC Digital Archive Preservation Policy and Supporting Documentation (OCLC, 2006) and the report Digital Preservation Policies, prepared for JISC in 2008 (Beagrie, Semple, Williams and Wright, 2008). OCLC openly confirms the claims reported by Kuzma (2010, p.5): "A preservation strategy must include more than just what can be achieved by good system back-up procedures. A strategy is needed also to ensure the long-term accessibility of digital content objects deemed to have enduring value." The JISC report is also interesting because it aims to be a model for further preservation projects. "Our objective therefore has been to produce a practical guide for developing an institutional digital preservation policy" (Beagrie et al., 2008). The policies addressed the preservation problem in an organic way, embracing all the aspects of the institution: from the definition of the Principle Statement which guides the policy itself, to the connection with all other practices engaged in by the institute, to the definition of the content and the practices to implement.

3 - User Information Security

Computer systems have become an essential element of libraries. As patrons use library systems, a large amount of transaction data about users is being recorded, and often stored in the systems.
This development has severe implications for the security of user data. The already mentioned "two-front war" that is being fought by libraries results in the need to protect library systems against various types of abuse (see section 1), and the need to guard the confidentiality of their users (Fox, 2006, p.250). Not only can hackers and criminals try to gather confidential data, but government agencies can also make inquiries about library users (Bowers, 2006). The previous section covered the safety of data with respect to accidents and obsolescence, and data preservation policies. Another important issue in libraries is the security of user information, which will be discussed in this section. We will first define privacy and confidentiality. Subsequently, we discuss types of privacy issues in the library context, as gathered from the literature. We will also discuss threats to the security of user information and trust issues, and finally look at the security principles regarding user information used by libraries.